/* the author and owner of this blog hereby allows anyone to test the security of this blog (on HTTP level only, the server is not mine, so let's leave it alone ;>), and try to break in (including successful breaks) without any consequences of any kind (DoS attacks are an exception here) ... I'll add that I planted in some places funny photos of some kittens, there are 7 of them right now, so have fun looking for them ;> let me know if You find them all, I'll add some congratz message or sth ;> */

A short info. Someone (Le Duc Anh - SVRT - Bkis) posted on the FD list about a Remote Buffer Overflow in Chrome, needing a little interaction from the user - the user needs to click 'Save as...' (the buffer overflow is related to the handling of the <title> while saving files). The researcher has provided two PoC exploits, one is said to run a calculator (on XP SP2, but it didn't work for me), and the other is just a DoS. It must be noted that both the renderer and browser processes are crashed, so the vuln is located either in the browser, or is magically transferred from the renderer to the browser.

Concluding, this is the first remote code exec in Chrome (3 days after the release? sth like that), and 3rd published vuln (I'm not counting the unpublished ones ofc).

Update: Looks like Shinnok found another buffer overflow, however it seems it's just a remote DoS (however there still is an option it's something more) requiring some (very little) user interaction (placing the mouse pointer above a link). Stats: 1 remote code exec, 4 vulns total, and counting (keep in mind that it's just a beta, so these stats mean nothing).

Update 2: As You can see in the comments, SVRT-BKIS created additional PoC exploits for the remote buffer overflow vulnerability (I tried them out, they work, at least the last one does ;>). You can find the PoC exploits at Bkis Blog.